<?php
// +--------------------------------------------------------------------------+
// | Media Gallery WKZ Plugin - Geeklog                                       |
// +--------------------------------------------------------------------------+
// | rater.php                                                                |
// |                                                                          |
// | non AJAX based rating script                                             |
// +--------------------------------------------------------------------------+
// | Copyright (C) 2002-2009 by the following authors:                        |
// |                                                                          |
// | Mark R. Evans          mark AT glfusion DOT org                          |
// +--------------------------------------------------------------------------+
// | Copyright (C) 2006,2007,2008 by the following authors:                   |
// |                                                                          |
// | Authors:                                                                 |
// | Ryan Masuga, masugadesign.com  - ryan@masugadesign.com                   |
// | Masuga Design                                                            |
// |http://masugadesign.com/the-lab/scripts/unobtrusive-ajax-star-rating-bar/ |
// | Komodo Media (http://komodomedia.com)                                    |
// | Climax Designs (http://slim.climaxdesigns.com/)                          |
// | Ben Nolan (http://bennolan.com/behaviour/) for Behavio(u)r!              |
// |                                                                          |
// | Homepage for this script:                                                |
// |http://www.masugadesign.com/the-lab/scripts/unobtrusive-ajax-star-rating-bar/
// +--------------------------------------------------------------------------+
// | This (Unobtrusive) AJAX Rating Bar script is licensed under the          |
// | Creative Commons Attribution 3.0 License                                 |
// |  http://creativecommons.org/licenses/by/3.0/                             |
// |                                                                          |
// | What that means is: Use these files however you want, but don't          |
// | redistribute without the proper credits, please. I'd appreciate hearing  |
// | from you if you're using this script.                                    |
// |                                                                          |
// | Suggestions or improvements welcome - they only serve to make the script |
// | better.                                                                  |
// +--------------------------------------------------------------------------+
// |                                                                          |
// | Licensed under a Creative Commons Attribution 3.0 License.               |
// | http://creativecommons.org/licenses/by/3.0/                              |
// |                                                                          |
// +--------------------------------------------------------------------------+

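require_once '../lib-common.php';

if (!in_array('mediagallery', $_PLUGINS)) {
    echo COM_refresh($_CONF['site_url'] . '/index.php');
    exit;
}

require_once $_CONF['path'] . 'plugins/mediagallery/include/common.php';

/**
 * Fetch one request parameter and strip every character matched by $pattern.
 *
 * @param  string $name    key in $_REQUEST
 * @param  string $pattern PCRE pattern of the characters to REMOVE, e.g. '/[^0-9]/'
 * @return string          filtered value; '' when the parameter is missing or is not a string
 */
function mg_rater_param($name, $pattern)
{
    if (!isset($_REQUEST[$name]) || !is_string($_REQUEST[$name])) {
        return '';
    }
    return preg_replace($pattern, '', $_REQUEST[$name]);
}

/**
 * Send the browser back to the page the vote came from and stop the script.
 *
 * The Referer header is supplied by the client, so it is only honoured when it
 * is an absolute URL under $_CONF['site_url']; anything else goes to the site's
 * front page, which keeps this script from acting as an open redirector.
 *
 * @param string $referer value of $_SERVER['HTTP_REFERER'] ('' when absent)
 */
function mg_rater_redirect($referer)
{
    global $_CONF;

    $site   = rtrim($_CONF['site_url'], '/');
    $target = $site . '/index.php';
    // the trailing '/' on the prefix stops "http://site.example.evil/" from matching
    if (strpos($referer, $site . '/') === 0 && !preg_match('/[\r\n]/', $referer)) {
        $target = $referer;
    }
    header('Location: ' . $target);
    exit;
}

// getting the values (all client-supplied, so each is reduced to a character whitelist)
$vote_sent  = (int) mg_rater_param('j', '/[^0-9]/');   // the star that was clicked
$id_sent    = mg_rater_param('q', '/[^0-9a-zA-Z]/');    // media_id being rated
$ip_num     = mg_rater_param('t', '/[^0-9\.]/');        // client address the rating form was rendered with
$units      = (int) mg_rater_param('c', '/[^0-9]/');   // number of stars in the bar
$ip         = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
$referer    = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
$ratingdate = time();
$uid        = isset($_USER['uid']) ? (int) $_USER['uid'] : 1;

if ($vote_sent > $units) {
    die("Sorry, vote appears to be invalid."); // kill the script because normal users will never see this.
}

if ((!isset($_USER['uid']) || $_USER['uid'] < 2) && $_MG_CONF['loginrequired'] == 1) {
    die("Sorry, user must login first");
}

$sql = "SELECT media_votes,media_rating,media_user_id "
     . "FROM {$_TABLES['mg_media']} "
     . "WHERE media_id='" . addslashes($id_sent) . "'";
$result = DB_query($sql);
$row    = DB_fetchArray($result);
if (empty($row)) {
    // unknown media_id: there is nothing to rate, so don't record a vote against it
    mg_rater_redirect($referer);
}
$count          = (int) $row['media_votes'];
$current_rating = $row['media_rating'];
$owner_id       = $row['media_user_id'];
if (!isset($owner_id) || $owner_id == '') {
    $owner_id = 2;
}

// has this user, or anyone from this address, already rated this item?
// (the original compared against an undefined $id, so the check never matched)
$sql = "SELECT id FROM {$_TABLES['mg_rating']} "
     . "WHERE (uid=" . intval($uid) . " OR ip_address='" . addslashes($ip) . "') "
     . "AND media_id='" . addslashes($id_sent) . "'";
$checkResult = DB_query($sql);
$voted = (DB_numRows($checkResult) > 0) ? 1 : 0;

COM_clearSpeedlimit($_MG_CONF['rating_speedlimit'], 'mgrate');
$last = COM_checkSpeedlimit('mgrate');
$speedlimiterror = ($last > 0) ? 1 : 0;

// add together the current vote value and the total vote value
// NOTE(review): media_rating is read here as a running total but written back
// below as an average ($new_rating) - confirm against the schema / AJAX rater.
$sum = ($vote_sent * 2) + $current_rating;

// checking to see if the first vote has been tallied
// or increment the current number of votes
$added = ($sum == 0) ? 0 : $count + 1;

// a zero sum only occurs for a vote of 0 on an unrated item, which the range
// check below rejects anyway; guard the division so PHP 8 does not fatal first
$new_rating = ($added > 0) ? $sum / $added : 0;

if (!$voted && !$speedlimiterror) {
    // keep votes within range, and require the address the form was rendered
    // for to match the requesting client (note: colons are stripped from
    // $ip_num, so IPv6 clients never match here - presumably an old limitation)
    if (($vote_sent >= 1 && $vote_sent <= ($units * 2)) && ($ip == $ip_num)) {
        DB_change($_TABLES['mg_media'], 'media_votes', $added, 'media_id', addslashes($id_sent));
        DB_change($_TABLES['mg_media'], 'media_rating', $new_rating, 'media_id', addslashes($id_sent));
        // MAX(id)+1 is not atomic: two votes landing at the same moment can
        // collide on id; an AUTO_INCREMENT column would fix this at the schema level
        $sql = "SELECT MAX(id) + 1 AS newid FROM " . $_TABLES['mg_rating'];
        $result = DB_query($sql);
        $row = DB_fetchArray($result);
        $newid = isset($row['newid']) ? (int) $row['newid'] : 0;
        if ($newid < 1) {
            $newid = 1;
        }
        $sql = "INSERT INTO {$_TABLES['mg_rating']} (id,ip_address,uid,media_id,ratingdate,owner_id) "
             . "VALUES (" . $newid . ", '" . addslashes($ip) . "'," . intval($uid) . ",'" . addslashes($id_sent) . "'," . $ratingdate . "," . intval($owner_id) . " )";
        DB_query($sql);
        COM_updateSpeedlimit('mgrate');
    }
}

mg_rater_redirect($referer); // go back to the page we came from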